Hi everybody,
Just to report it: I managed to find the issue (as usual, between the keyboard
and the chair). The problem was that ovmf in arch does not ship with default
keys enrolled. I got a pair OVMF_CODE/VARS from anoter distro (with default keys
already enrolled), and everything worked.
Thank you for your time!
Felix
On Monday, December 28, 2020 8:58:53 AM CET you wrote:> Hi everybody,
>
> I am having serious trouble enabling secure boot via virt-install... and I
do not see clearly even where to look for help :-/. Maybe somebody can point me
on the right direction? I am running:
> arch linux
> edk2-ovmf 202011-1
> libvirt 6.5
> virt-install 3.2
> qemu 5.2
>
> I am creating the domain with virt-install, and the parameters
> --features smm.state=on
> --boot
loader=/usr/share/ovmf/x64/OVMF_CODE.secboot.fd,nvram.template=/usr/share/ovmf/x64/OVMF_VARS.fd,loader.readonly=yes,loader.type=pflash,loader_secure=yes
>
> If I boot into the UEFI I can see there is the menu for the OVMF and Secure
Boot available, but when I get into the Secure Boot entry, I only see it is
"disabled" and I cannot tick the "Attempt secure boot" box.
>
> As far as I understand, by using OVMF_CODE.secboot.f I should already get
the default keys working, so I should be good to go to test this setup, but...
to no success.
>
> Does anybody have any idea on what might be wrong/where can I get help
(should this not be the place?)
>
> Thank you!
> Felix